In rapidly growing numbers, businesses and consumers are moving their routine commercial activities into the electronic marketplace. The growth of electronic networks has given businesses of all sizes unprecedented access to new markets. At the same time, networks reduce the need for market intermediaries and their associated costs. Increased competition among sellers has reduced buyer costs.
Commercial enterprises are developing technologies to take advantage of the electronic marketplace. However, one area that significantly lags others is the development of systems for executing financial transactions of all types across electronic networks.
Financial transactions today take many forms: cash, check, credit card, debit card, automated teller, etc. The nature of the transaction determines which payment system is the method of choice:
Financial Payments ($500K+): Transactions in this range are predominantly payments between financial institutions using electronic systems such as CHIPS, FedWire and SWIFT.
Commercial Payments ($1000 to $500K): These are usually procurement payments between businesses. Since these transactions often require the exchange of documents, e.g., bids and proposals, Electronic Data Interchange (EDI) is commonly used.
Consumer Payments ($20 to $1000): At the higher end of the range, credit cards are generally used. While checks are also used, they have significantly less wide-spread acceptance, particularly among merchants, and are more often used for bill payment. At the lower end of this range, consumers are most likely to use cash. Credit cards are sometimes used as a cash substitute.
Paper Currency Payments ($1 to $20): The vast majority of all financial transactions fall in this range. The primary use of cash is for these payments.
Coin Transactions (under $1): Although the value of each transaction is low, the volume of transactions is high. These transactions are also highly diverse, ranging from buying newspapers to feeding parking meters.
Financial and commercial payments are already handled somewhat adequately by the systems which serve them. While improvements are possible, change is likely to be gradual.
Transactions in the lower range are far less efficient. Consumer payments by credit card are appropriate where an extension of credit is required. However, because a credit card transaction is bundled with numerous supporting services, it is often ineffective as a substitute for cash, particularly for small value transactions.
Cash transactions themselves are highly inefficient. Last year for example, Americans executed 300 billion cash transactions for items costing less than $20. Banks and businesses spend over $60 billion annually to move, secure, and account for these transactions. Growing numbers of consumers feel burdened by the inconvenience and risk in carrying cash. Further, it is currently impossible to use cash in the electronic marketplace.
Low value cash and consumer transactions will likely be the heart of electronic commerce and electronic payment systems currently under development target this market.
While not all cash transactions will migrate to electronic transfer, the development of a global network such as the Internet itself will create many new on-line markets. A merchant will be any vendor who has Internet connectivity and offers goods for sale, whether they are durable goods, or information-based products such as reports and software entertainment. A customer will be anyone who subscribes to the Internet and browses the vendor web sites for information or tangible goods.
This will give rise to a new type of payment transaction called a "micropayment." These payments will be of very low value--fractions of a penny in some cases--but executed in very high volumes. Micropayments will purchase many of the new information-based products. Information utilities must be able to bill in precise increments for such services as information retrieval (search), cataloging, archiving, formatting, reproducing in various media, etc.
The many challenges faced by any electronic payment system include security as the paramount requirement. However, in addition to being secure, the successful electronic payment system must protect individual privacy without impeding legitimate inquiries by law enforcement and government agencies. This requires transactional anonymity with an audit trail. Transactions may also be non-appealable, emulating cash transactions.
Electronic payment systems are based on either a credit or a debit payment model. In the debit model, first an account is funded, then purchases are made by drawing down on those funds. In the credit model, the purchase is made in advance of payment as with a conventional credit card.
Electronic payment systems are either on-line or off-line systems. An on-line system is one where the parties to a transaction are joined through a network to a third party and communicate with this third party (server) during the course of the transaction. When transactions are executed on an on-line system, the server immediately records the transaction and updates various databases. It may also initiate funds movements.
In an off-line system, two parties exchange funds without any communication with a bank or other third party during the transaction. Off-line systems normally require hardware devices such as smartcards to provide adequate security. In order to download value (cash) onto the card, or to make a deposit, the card must be connected in some way to an electronic network to communicate with a bank or automated teller service. Until the device that receives a payment communicates with a bank over the network, the transaction is completely undocumented within the banking system.
At the time of this writing, a collection of proposed payment systems for the Internet included about fifty entries. These existing systems can be categorized into the following types: credit card based systems, electronic check systems, electronic coin systems, stored value cards, on-line payment systems, electronic scrip systems, and debit systems. These systems, including their benefits and disadvantages, are summarized here.
Credit Card Based Systems
There are several electronic payment systems that are essentially existing credit card systems adapted for operation over the Internet. The chief technical challenge they face in porting the functionality of the credit card system to the Internet is to securely obtain or transmit a customer's credit card information. As a way to lower overall transaction costs, some credit card systems accumulate customer charges and merchant payments up to a predetermined threshold before sending them out to processing agents.
All electronic payment systems based on the credit card model benefit from the familiarity and name recognition these franchises have carefully built up over many years of operation.
However, given the average charge of about $0.20 plus 2% to 3% transaction fees, most merchants would prefer to do business using an alternate and cheaper, payment transaction scheme.
Credit electronic payment systems are built around the conventional, bundled service credit card transaction processing systems. In the current environment, the only network transaction for which these electronic payment systems are optimized is a merchandise mail order purchase of significant value. Even with complicated cumulative charge and payment schemes, these systems are too costly and inefficient for the vast proliferation of low-value payments, including micropayments, that will be common to electronic commerce.
The privacy scheme for the credit electronic payment systems, in most cases, is much like conventional credit card systems. Except for withholding credit card numbers, merchants have access to the standard customer information. Some of the systems provide authentication using digital signatures.
Electronic Check Systems
There are electronic payment systems that are analogous to paper checks. An electronic check would typically consist of a document, signed by the payor using a certified digital signature key, which lists the information necessary for processing a paper check such as: the payor, the bank of the payor, the account number of the payor, the payee, the amount of the payment, and the date of the payment. The payee verifies the signature on the electronic check and then sends the electronic check to his bank for processing. The bank processing of an electronic check is essentially the same process as that used for paper checks today.
The advantage of electronic checks is that they take advantage of existing bank clearing processes, which reduces development time. In the basic model of electronic check, the payee would take the risk if the electronic check was not good. However, the merchant or payee would have two possible avenues to reduce his risk in the case of an on-line payment. If the bank was on-line, the payee could obtain approval from the bank that the check was good or he could require that the payor obtain a certified check from a bank.
The downside of electronic checks is their relatively high cost. Although they are expected to be considerably cheaper than the credit card based systems, most developers of electronic check systems expect the cost to be in the $0.10 to $0.50 range per electronic check. Part of this cost is because of the necessity of an ACH (automated clearing house) transaction for each interbank check, which costs about $0.15. Another problem with electronic checks is that they do not provide any privacy for the payor. The payee will know identifying information which is tied to the payor.
Electronic Coin Based Systems
There are numerous proposals for electronic payment systems that use electronic coins of fixed amounts as a means of exchange. A customer makes a withdrawal from his bank account and receives electronic coins from the bank. The customer can then use these coins to pay a merchant. The merchant can check the validity of the coins using cryptographic techniques. Then the merchant can deposit the coins into the bank. Some electronic coin systems can be used with a multitude of banks.
An advantage of electronic coins is that a coin can be validated by cryptographic techniques so a merchant can be convinced that the coin is indeed valid. However, the merchant has no way to determine on his own whether the coin has been spent before. In order to determine this, the coin has to be given to the bank, and the bank has to check to see if that coin has been deposited before. Some systems suggest the use of tamper resistant hardware for storing the coins so that the tamper resistance has to be broken in order for the customer to spend a coin more than once.
There are electronic coin based systems that provide a very high degree of anonymity. Even if the banks and merchants pool their information about transactions, the identity of the payor of a particular transaction cannot be determined. Because this degree of anonymity might not be acceptable by some governments, there are electronic coin payment systems in which the identity of payors can be determined by trustees who could be independent of the banks and merchants.
One problem with some electronic coin systems is that a single payment might require the use of multiple coins in order to add up to the correct value.
Electronic coin systems are designed to be used in off-line systems, but they could be used in an on-line system as well. The merchant could just deposit the coins and receive a confirmation of the validity of the coins before providing merchandise.
Digital cash transactions are much like cash transactions. Payments are immediate and non-appealable.
Regardless of the provisions the issuer makes to protect against lost or damaged tokens, anonymity means the consumer will be vulnerable to loss. To protect against fraud and loss, some electronic coin systems serialize the tokens that they issue. If the consumer cannot produce a record of the serial numbers, or if the tokens have already been redeemed by someone else, the consumer has indeed lost the "cash."
Anonymity imposes additional overhead on issuers because they must retain extensive records of serial numbers for tokens they have issued.
Stored Value Cards
Another approach to electronic payments uses devices that store a value on them. The device has a register in it that keeps an accounting of the amount of money stored in the device. A customer connects with a bank through an ATM or equivalent and withdraws money from his bank account and the value of the withdrawal is added to the register. The customer can authorize a movement of funds from his device to another device in the system. During this process, the value on his device is reduced and the value on the other device is increased by the same amount. In some systems, any device can accept payments, while in other systems only specified devices can accept payments.
An advantage of the stored value approach is that it requires little processing at the bank. Transactions can take place with no involvement from the bank.
A serious problem with stored value devices is the possibility that a customer could fraudulently add value to his device. One method for reducing the risk of this is to limit the scope of acceptability of the devices. For example, a metropolitan transit system may provide cards that can only be used in the transit system. Another method would be to make the devices extremely difficult to break into. However, this still leaves the system vulnerable to attack. If these devices were to become widely used, it could become financially profitable for an attacker to break into one or more devices and place some large amount of value into the device. If there was no method built into the system for detecting and recovering from such an attack, then losses could be huge.
There is another type of electronic payment that is strictly an off-line system using tamper resistant trusted devices. In this system, a device would have a signature key authorized by a bank. By taking the device to an ATM, or through some other communication with the bank, the customer can withdraw money from his bank account and the balance would be placed on the device together with an identifying number that is unique to this particular withdrawal. When the customer wants to pay a merchant, the device would use the signature key to sign an order to pay the merchant for a specified amount, the balance on the customer's device would be debited by that amount, and the balance on the merchant's device would be credited by that amount. There could be a multiplicity of balances on the customer's device.
One problem with this system is that it requires the bank to keep all records corresponding to a particular withdrawal until the entire withdrawal has been accounted for. Since the transactions could go to many merchants, all of these records must be held until all of the merchant's devices have been to an ATM.
Another problem with the system is that if a transaction has gone through several hands, then a receiver has to check all signatures to validate the cash.
A further problem with this system is that the privacy of a transaction is protected only by the security of the trusted device. Therefore, if this system were to be adopted to low value payments with a lower security level on the devices, the privacy could be more easily compromised as well.
Electronic Scrip
Electronic scrip refers to a type of electronic currency which has a merchant identified at the time of issuance of the cash and such that the electronic currency can only be spent with that merchant. When a customer identifies a new merchant that he wishes to pay, or if he runs out of scrip with a previous merchant, he obtains scrip from a broker for some specified total amount that can be divided into discrete pieces to pay that particular merchant. The payment to the broker for the scrip could involve another type of electronic payment. The customer can then make payments to the specified merchant until the total is reached or until the customer does not want to make any more payments to that merchant during the current time period, for instance a day. The merchant must deposit the scrip with the broker. The broker then pays the merchant through some other payment mechanism.
Because this system uses some other electronic payment system for the customer to purchase scrip from the broker and for the broker to pay the merchant for redeemed scrip, it will only be beneficial in instances in which a customer has many transactions with a single merchant. In these cases, it is more efficient than other electronic payment systems, because of the reduced computational complexity that is required for a scrip payment.
Debit Systems
Debit systems rely on the existing infrastructure of highly efficient ACHs and ATMs for initial funding. Therefore, they have relatively lower transaction costs as compared to credit systems. Typically, an ATM transaction costs $0.50, or less, and an ACH transaction costs less than $0.15. Only a single transaction is needed to fund an account.
Debit systems execute payment transactions by exchanging electronic tokens. These tokens are digitally signed by a participating bank and delivered to the consumer in exchange for a debit to the consumers checking account. The debited funds are held in an escrow account, so that the amount of digital cash or tokens issued is backed by an equivalent amount of cash.
Debit systems today generally use stronger security and authentication techniques than credit systems. Debit systems may employ public key cryptography schemes for security and a variety of digital signature algorithms for authentication. This level of security allows debit systems to operate freely over open unsecured networks.
Debit systems are an attractive alternative to cash for many reasons. Transactions will occur faster because there is no need to wait for change. Debit systems eliminate the operational costs of handling cash. They improve security and reduce losses because businesses are able to transmit value to their bank at any time instead of having to wait for business hours to deposit cash.
In addition, a key feature of the debit system is anonymity. However, only the payer receives complete anonymity. The payee can always be traced.
It is generally believed that governments and law enforcement agencies will not accept security schemes that do not make provision for a so-called back door. Moreover, it is not clear that customers prefer complete anonymity in place of personalized contact with a merchant and protection against loss. The latter is only possible if records of tokens issued to consumers are kept on file.
Common to all off-line debit systems is the use of proprietary, special purpose hardware, including smartcards and the accompanying readers, wallets and smart phones. Smartcards offer an added degree of freedom in dispensing with cash. A one-on-one transaction can be completed without a computer link provided the necessary hardware is available.
Problems with Existing Proposed Solutions
None of these existing or proposed electronic payment systems provide for payment that is non-appealable, does not need extensive records, is relatively anonymous for the consumer, and has low enough processing cost so that it can adequately deal with micro-payments to individual merchants. As noted, micro-payments are very low-value payments that are likely to occur in high volumes on digital communication networks. For example, on a network such as the Internet, merchants such as stock brokers may wish to sell stock quotes at $0.01 per quote. While the cost per sale item is very low, the number of items sold per day may be very high.
With credit card or check-based payment systems, the recipient and/or the system must assume some credit risk, since the buyer can repudiate or simply become unable to pay. The associated insurance component necessarily raises the cost of the payment service. Consumer anonymity is desirable in view of fears expressed by privacy advocates and others that in the future, it will become possible to collect and analyze huge amounts of data concerning every purchase or road toll payment a person makes, thereby creating potential privacy problems.
A problem with payment systems that make an instantaneous payment to merchants is that if a fraudulent merchant is accepting many fraudulent transactions, he might not be detected until he had already received much money.
For these and other reasons, it is desirable to provide a payment system that is non-appealable, does not need extensive records, is relatively anonymous for the consumer, and would adequately deal with micropayments to individual merchants.
Other desirable aspects of a payment system include high performance, low cost, minimum maintenance, easy scaleabiliy according to volume, significant security with moderated anonymity and strong authentication, standards-based and open architecture and adaptability for anomaly detection for detection of fraud.